ESXi 6.5 SNMP Configuration


ESXi SNMP configuration is one of those things everyone knows it, doing it once in a while and Google’s it every time. As our infrastructure grows we need to add a monitoring system to know what is going on on our servers, where is out bottleneck and when it’s time to add new hardware.

There is a lot of monitoring software out there and most of them are using the old SNMP protocol for the basic monitoring tasks. So, for us to be able to monitor our VMware hosts we need to enable SNMP and allow connection through the ESX firewall.

We are going to use the CLI to enable SNMP in ESXi so we need to Enable SSH, Configure SNMP, Enable SNMP on ESXi firewall


Enable SSH on ESXi

In vSpere Web Client click on the server you want to enable SSH and go to Configure -> System -> Security Profile and click Edit. Follow the steps on the picture below.

VMware Enable SSH


ESXi SNMP Configuration

Login into VMware host using SSH and root credentials, then set community string that you are going to use, and enable SNMP service.

esxcli system snmp set --communities YOUR_COMMUNITY_STRING
esxcli system snmp set --enable true

Replace YOUR_COMMUNITY_STRING with the Community string you are going to use, usually this is Private or Public but I think you need to use some unique string one for security reasons.


Enable SNMP on ESXi firewall

Now we need to add a firewall rule to allow inbound SNMP traffic to our ESXi host. For this, we have two options:

  1. Allow all traffic for SNMP
  2. Allow traffic from specific hosts or subnets

Allow traffic from All hosts

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

Allow traffic from specific hosts or subnets

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.1.0/24
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

Restart SNMP Service

Now that we have done our VMware 6.5 SNMP configuration we need to restart the SNMP service

/etc/init.d/snmpd restart

Finally here is my CLI command list that you can edit and paste. I’ve changed the community string and I’m using my private LAN subnet to allow it on the ESXi firewall.

esxcli system snmp set --communities vionstring
esxcli system snmp set --enable true
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 10.90.20.0/23
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
/etc/init.d/snmpd restart

It should look like this:

VMWare SNMP Configuration


I’m going to use my configuration all the time and stop searching for it. Also, don’t forget to DISABLE SSH on your VMware hosts.



Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Advertisement